How do I get Sinatra to refrain from adding the X-Frame-Options header?

ruby iframe sinatra x-frame-options
Bruce picture Bruce · Oct 20, 2011 · Viewed 9.6k times · Source

I am using Sinatra to return some IFRAME contents, and I'd like to allow cross-domain src. Unfortunately, Sinatra is automatically adding an X-Frame-Options header to my response. How do I turn that off?

Answer

matt picture matt · Oct 20, 2011

Sinatra uses Rack::Protection, in particular the frame_options option, which is what is setting the X-Frame-Options header.

You can configure which protections are used. Sinatra turns most of them on by default, (some are only enabled if you also are using sessions, and Rack::Protection itself doesn't enable some by default).

To prevent sending the X-Frame-Options header you need to disable frame_options like this:

set :protection, :except => :frame_options

Related questions

How to check if a value exists in an array in Ruby

I have a value 'Dog' and an array ['Cat', 'Dog', 'Bird']. How do I check if it exists in the array without looping through it? Is there a simple way of checking if the value exists, nothing more?

Read More
How to write a switch statement in Ruby

How do I write a switch statement in Ruby?

Read More
How to check whether a string contains a substring in Ruby

I have a string variable with content: varMessage = "hi/thsid/sdfhsjdf/dfjsd/sdjfsdn\n" "/my/name/is/balaji.so\n" "call::myFunction(int const&)\n" "void::secondFunction(char const&)\n" . . . "this/is/last/line/liobrary.so" In the …

Read More